Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
423 Commits
2 Branches
25 Tags
3.0 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0d38bca4e0'
${ noResults }
Commit Graph

23 Commits (0d38bca4e0b071d20da59316449f02b12f71a5fb)

Author SHA1 Message Date
Daniel Roethlisberger 57a2ab8588 Rewrite protocol version macros and refactoring 
Introduce HAVE_SSLV2, HAVE_SSLV3, HAVE_TLSV10, HAVE_TLSV11 and
HAVE_TLSV12 to indicate that support for the respective protocol is
available in OpenSSL.  This was necessary due to the increased
complexity of testing version support following the phasing out of SSLv2
and SSLv3 from OpenSSL implementations.  This fixes the build with
OpenSSL versions which have SSLv3 support removed.

While here, de-duplicate code for setting SSL_CTX options and do not set
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION anymore; it has no benefit
in the context of splitting SSL/TLS for analysis.

Reported by:	Jérémie Courrèges-Anglas
 9 years ago
Daniel Roethlisberger 80b727054b Refactor proxyspec printing into proxyspec_str() 9 years ago
Daniel Roethlisberger 91da4674e5 Update copyright, license and tagline 
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
 9 years ago
Daniel Roethlisberger 6ec6c56ded Refactored -w/-W and improved docs 10 years ago
PsychoMario b34336ab4b moved to develop branch 10 years ago
PsychoMario 4f310a877a implemented -W to write original certs 10 years ago
PsychoMario cbb2a179f9 naive implementation with -X, no help, validation, logging 10 years ago
Daniel Roethlisberger c01ace1261 Introduce privilege separation architecture 
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets.  Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations.  This is also a
preparation for -l/-L logfile reopening through SIGUSR1.

This means that -S and -F are no longer relative to chroot() if used
with -j.  This is a deliberate POLA violation.
 10 years ago
Daniel Roethlisberger 5fd1d7de9c Rename flags for clarity 10 years ago
Daniel Roethlisberger 80af8f7d52 Fix SSL_METHOD* const mismatch on OpenSSL < 1.0.0 10 years ago
Daniel Roethlisberger 150650c7e9 Make local procinfo run-time optional (-i) and use src host:port 10 years ago
Landon Fuller a4c518c8a0
Merge remote-tracking branch 'origin/fix-macosx' into logspec_path_support 10 years ago
Daniel Roethlisberger 206c688219 Refactor SSL/TLS debug code 10 years ago
Daniel Roethlisberger 6b0e47dc89 Allow more control over used SSL/TLS versions 
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
 10 years ago
Landon Fuller 06c61c16ed Add support for specifying log paths as a specialized format string. 
Format string handling is fully implemented, with the exception of
support for automatically creating missing directories.
 10 years ago
Landon Fuller 9d54677009 Add support for specifying an explicit group when dropping privileges. 
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
 10 years ago
Daniel Roethlisberger 06a02f946a Always explicitly name the non-null arguments 
Always explicitly name which arguments are non-null, even if all
arguments are non-null.  This is to avoid bugs where newly added
arguments are automatically non-null by accident, possibly leading to
optimisation errors.

This also fixes a few potential errors related to non-null arguments;
specifically it prevents the compiler optimising away a test for sni
being NULL in cachedsess_mkkey().

Issue:		#14
Reported by:	kythyria
 11 years ago
Daniel Roethlisberger ca923ee7f1 Update copyright notices to 2014 11 years ago
Daniel Roethlisberger c972501063 Update copyright notices 11 years ago
Daniel Roethlisberger 8eb5165760 Optimize debug branching using __builtin_expect() 12 years ago
Daniel Roethlisberger 439e8a8267 Use WUNRES and MALLOC attribs and fix sloppy code 12 years ago
Daniel Roethlisberger ee98c04b29 Add generic OCSP denial 12 years ago
Daniel Roethlisberger 4cfdef405a Initial import of sslsplit-0.4.2 12 years ago